[LINK] slashdot on the Browser Security Feud

[Greg Taylor]

On Fri, 23 Sep 2005 19:19:50 +1000, Danny Yee wrote:
> ...
> It doesn't cost anything, but it's not "free" in the Free Software
> Foundation's sense of the term (or "open" by the OSI defintion).

Obviously I'm not spending enough time studying the Gnu Testament, or I would have understood the religious sensitivity of the word "free" as opposed to "Free" ;-).  I hope this is not an offence under the Religious Vilification Act.

> That won't matter for most end-users, but with developers looking
> to build systems on top of or around a browser, it can be an issue.

Given that browsers are, in theory at least, meant to conform to W3C standards, and to free the world from the evil of proprietary clients, I can't help wondering why anyone would build systems that depended on a particular browser.  There has been much despair on this list over the years, and rightly so, about websites that are browser-dependent.  Yet you seem to be supporting the concept, albeit in a different context.

> (It also stops many Linux distributions including Opera, which is a
> shame.)

Why?  A distribution is only a representative sample of application versions at a point in time.  Those applications need updating to improve functionality and cope with vulnerabilities, as we've seen with Firefox.  There's not much difference between installing a new version of Firefox and installing a new browser altogether.

The fact that one alternative is "open", while the other is "closed", "won't matter for most end-users" as you say, since most would be downloading a packaged binary in either case.  

And despite a (presumed but invisible) army of developers poring over thousands of lines of "open" code, and despite the long history of exposure of the Firefox code from its origins in Mozilla and Netscape, there are still major vulnerabilities.  


Greg